<?php
/**
 * App_Plugin_SecurityCheck
 *
 * @author Renato Innocenti
 */

class Application_Plugin_HasIdentity extends Zend_Controller_Plugin_Abstract
{
	private $_controller;
	private $_module;
	private $_action;
	private $_role;
	
	const MODULE_NO_AUTH='default';
	/**
	 * preDispatch
	 *
	 * @param Zend_Controller_Request_Abstract $request
	 */
	
	public function preDispatch (Zend_Controller_Request_Abstract $request)
	{
		$this->_controller = $this->getRequest()->getControllerName();
        $this->_module= $this->getRequest()->getModuleName();
        $this->_action= $this->getRequest()->getActionName();
        
        $auth= Zend_Auth::getInstance();
        $redirect=	true;
        /**/
        if ($this->_module != self::MODULE_NO_AUTH) {
        	#verifica se esta online
        	
        	if ($this->_isAuth($auth)) {
        		#esta autorizado?
        		$user= $auth->getStorage()->read();
        		$this->_role= $user->id_perfil;
        		$bootstrap = Zend_Controller_Front::getInstance()->getParam('bootstrap');
        		$db= $bootstrap->getResource('db');
        		$manager = $bootstrap->getResource('cachemanager');
        		$cache = $manager->getCache('acl');
        		if (($acl= $cache->load('ACL_'.$this->_role)) === false) {
        			$acl= new Mylibrary_Myacl_Acl($this->_role);
        			$cache->save($acl,'ACL_'.$this->_role);
        		}
        			
        		
        		if ($this->_isAllowed($auth,$acl)) {
        			$redirect=false;
        		}
        	}else{
        		$request->setModuleName('default');
        		$request->setControllerName('Auth');
        		$request->setActionName('login');
        	}
        }else{
        	$redirect = false;
        }
        /**/
        
        ######################
        
        if ($redirect) {
        	$request->setModuleName('default');
        	$request->setControllerName('index');
        	$request->setActionName('index');
        	
        }
        
	}
	
	/**
	 * Check user identity using Zend_Auth
	 *
	 * @param Zend_Auth $auth
	 * @return boolean
	 */
	private function _isAuth (Zend_Auth $auth)
	{
		if (!empty($auth) && ($auth instanceof Zend_Auth)) {
			return $auth->hasIdentity();
		}
		return false;
	}
	private function _isAllowed(Zend_Auth $auth, Zend_Acl $acl)
	{
		
		if (empty($auth) || empty($acl) ||
				!($auth instanceof Zend_Auth) ||
				!($acl instanceof Zend_Acl)) {
			return false;
		}
		$resources= array (
				'*/*/*',
				$this->_module.'/*/*',
				$this->_module.'/'.$this->_controller.'/*',
				$this->_module.'/'.$this->_controller.'/'.$this->_action
		);
		$result=false;
		foreach ($resources as $res) {
			if ($acl->has($res) && $acl->isAllowed($this->_role,$res)) {
				return true;
			}
		}

		return $result;
	}
}
